Author: rescue@crimefire.in

  • Top 10 cyber crime stories of 2022 – ComputerWeekly.com

    High-profile cyber attacks elevated cyber security and cyber crime to dinner table conversation in 2021, and although there was no repeat of the Colonial Pipeline incident in 2022, awareness of cyber issues among the general public has never been higher.
    And cyber criminals showed no sign of slowing down in 2022, even though ransomware attack volumes appeared to drop off for a time, in a trend likely linked to the war in Ukraine.
    This year saw high-profile attacks on well-known organisations, disruption to the UK’s supply of crisps and new battles in the fight against digitally enabled fraud, while a cyber crime spree by a gang of troublesome kids caused consternation.
    Here are Computer Weekly’s top 10 cyber crime stories of 2022.
    In January, contractor payroll service provider Brookson Group referred itself to the National Cyber Security Centre (NCSC) after an “extremely aggressive” cyber attack that forced it to take systems offline. Coming amid the ongoing IR35 controversy, this incident, and a separate attack on a different umbrella firm, disrupted salary payments for thousands.
    In February, a series of cyber attacks targeting oil distribution terminals and other facilities in Europe had authorities on high alert, given rising fuel prices and the threat of supply disruption as the political crisis in Ukraine escalated into conflict.
    A series of attacks on technology suppliers by a group known as Lapsus$ grabbed the headlines early in 2022, and although some gang members were arrested, these attacks have continued later into the year. In March, we explored how Lapsus$ attacks on Nvidia and Okta highlighted weak multifactor authentication and the risks of employees being bribed or falling victim to social engineering.
    Every so often, a cyber attack hits the front pages of the UK’s tabloid newspapers, and February’s Conti ransomware attack on the systems of KP Snacks, the company behind iconic brands such as Hula Hoops, Space Raiders and the eponymous peanuts, made the cut. Computer Weekly heard from security experts about the incident, one of whom spoke of a “dark day for crisp aficionados”.
    Conti hit the headlines again in May, when it shut down amid suggestions it had orchestrated its own downfall for its members to split off into new operations. Ransomware cartels come and go, but Conti was a particularly dangerous group, and its loss was not mourned.
    Ride-sharing service Uber was one of 2022’s high-profile cyber attack victims in September, when it suffered a supposed social engineering attack on an employee by an apparent teenage hacktivist who wanted the company to pay its drivers more money. The incident disrupted multiple systems at Uber, which later blamed the Lapsus$ collective.
    A somewhat botched Clop/Cl0p ransomware attack on South Staffordshire Water in August seemed to have been largely forgotten, until it emerged at the end of November that the gang had stolen customer data and leaked it on the dark web. The data included names and addresses, bank details including sort codes and account numbers, and possibly other personal data. Customers of sister company Cambridge Water also seem to have been hit.
    The Lapsus$ cyber crime spree put teenage hackers and so-called script kiddies, rather than advanced ransomware gangs, in the spotlight this year, and in June, Computer Weekly spoke to one of the UK’s most famous teenage hackers, Daniel Kelley, who was just 17 when he played a key role in the infamous TalkTalk cyber attack. Kelley is still laser-focused on cyber security, but is planning to pursue a legitimate career.
    Ransomware gangs rarely directly target consumers, making digitally enabled fraud arguably the most likely way the average person is going to fall victim to cyber crime. The fight against fraud continued in 2022, and in November, the Metropolitan Police revealed details of its role in a major operation that took down a cyber criminal website and saw more than 100 arrests.
    At the beginning of December, a sudden drop in service for users of Rackspace’s Hosted Exchange business caused widespread chaos before being confirmed as a ransomware attack by an unspecified group. Full details of the incident are not yet known, but given how many Computer Weekly readers tuned in, it will likely prove one of the more disruptive cyber crime incidents of the year.
    All Rights Reserved, Copyright 2000 – 2023, TechTarget


  • As cyber talent demand heats up, hiring managers should shift … – Cybersecurity Dive

    Companies trying to fill cybersecurity roles need to stop looking for unicorns and expand their search to qualified, but often overlooked, job candidates.
    A recent data analysis from CyberSeek confirmed what many in cybersecurity know all too well: The job market is on fire.
    U.S. employers posted roughly 715,000 cybersecurity roles in the 12-month period ending in April 2022. Demand for cybersecurity jobs increased 43% over that 12-month period, compared to 18% for the rest of the job market. 
    “The growth rate is some of the fastest that we have ever seen,” said Will Markow, VP of applied research, talent for Lightcast, one of the three industry partners behind CyberSeek. “In the first four months of 2022, each month broke the previous month’s record for the most jobs tracked.”
    High demand has come at a cost, though. Cybersecurity jobs are taking 21% longer to fill than other IT roles, and cybersecurity salaries have crept up to 10% more than IT salaries, Markow said. Only two states – Maine and Wyoming – aren’t reporting a talent shortage. 
    And for every 100 jobs being posted, there are only 66 workers to fill them.
    “That means we’re entering the cybersecurity battlefield with one-third of our army on the sidelines,” he said.
    Many companies cite a talent gap for their inability to fill cybersecurity roles – but a big part of the problem may be that hiring managers are looking for more than they can find.
    ISACA’s latest State of Cybersecurity report indicated that more than 60% of companies have unfilled cybersecurity positions and understaffed teams. 
    The top skills gap, cited by more than half of cybersecurity professionals surveyed, is soft skills such as problem solving, critical thinking, and communication. The top factor used to determine whether a candidate is qualified, though, is prior hands-on cybersecurity experience, followed by credentials.
    “There are almost 1 million open jobs – but no one is willing to hire junior people,” said Jenai Marinkovic, a member of the ISACA Emerging Trends Working Group and virtual CISO/CTO with Tiro Security.  
    At a philosophical level, it makes sense. In an ever-expanding cyberthreat landscape, and with increased scrutiny of cybersecurity practices among government entities as well as customers, few companies are willing to put someone with just a few months of experience in charge of protecting valuable digital assets, Markow said.
    However, it often leads to what Jon France, CISO of (ISC)2, describes as “job description abuse.” 
    An entry-level role, for example, will require Certified Information Systems Security Professional certification – which requires five years of industry experience and a passing grade on the CISSP exam. 
    “There’s fierce competition for the unicorn who’s at a senior level, but because that’s such a tough market, you need to balance your hiring across entry-level and those who are more experienced,” France said.
    The high-flying skills are unrealistic. For starters, the recent (ISC)2 Cybersecurity Hiring Guide found that about 62% of cybersecurity professionals in the United States have less than four years of experience. 
    In addition, more than 137,000 cybersecurity job postings in the U.S. over the last 12 months asked for CISSP certification, Markow said, citing CyberSeek data. But fewer than 95,000 workers have obtained certification.
    “It really benefits employers to think carefully about the skill sets and credentials they request,” Markow said. “We need to widen the hiring aperture to bring in workers from more diverse experiential and educational backgrounds. Employers want someone with at least a bachelor’s degree to enter the position, but we can’t wait four years for the next crop of workers.”
    It’s the same for Marinkovic: “We are seeing a decrease in the number of people who demand degrees, but it’s hard to let go of that bias. Cybersecurity tends to be monolithic in its way of thinking.”
    One approach to meeting this need is entry-level certification. (ISC)2 is piloting such a program, which targets students as well as those looking to enter cybersecurity from another industry. 
    “We have to look at other sectors and attract people interested in changing careers,” France said. “Being new to cybersecurity doesn’t necessarily mean being young.”
    Marinkovic, through her work as the executive director of GRC for Intelligent Ecosystems (GRCIE), has developed 6-month courses to prepare women, minorities, and other individuals from underserved communities for entry-level cybersecurity roles. 
    Training emphasizes both technical skills – particularly risk assessments and regulatory frameworks – and soft skills such as communication and conflict resolution.
    On-the-job training is both critical and undervalued. The (ISC)2 survey found that roughly two-thirds of companies think it takes nine months for cybersecurity staffers to work independently.
    For many in management positions, that’s too much time. “Sometimes, you just have to get bodies in, and it’s a trial by fire,” Marinkovic said. “If it takes at least six months for someone to be ready to do the job, and if you’re already underwater and under skilled, having to bring someone on board when you’re already working 100 hours a week is going to impact your effectiveness.” 
    To shorten the learning curve for new cybersecurity professionals, Markow has seen a trend of companies looking at internal candidates who have transferable skills. That way, they only need “last-mile” training to make the move to a cybersecurity role. 
    As a bonus, they already know the company’s technology stack and its corporate culture. 
    “This is a highly effective way for organizations to expand the talent pipeline,” he said. “It aids employee retention by giving people more mobility, and it’s an effective way to increase the diversity of the applicant pool.” 
    In addition, Markow has seen companies “parcel out” cybersecurity tasks – for example, by encouraging IT project managers and software engineers to proactively build security into the software development cycle. 
    “When security is embedded into these day-to-day tasks, it makes the whole organization more secure – and it builds more of those pools of skill-adjacent cybersecurity workers,” he said.

  • How to write a cybersecurity job posting – TechTarget

    The cybersecurity talent shortage is a major problem. Sixty percent of organizations struggle to recruit cybersecurity staff, and 52% struggle to retain qualified people, according to a Fortinet report.
    “I’m not seeing a lack of talent available for entry-level jobs, the problem is in the five-to-10-year experience level,” said Helen Patton, an advisory CISO at Cisco and a senior faculty member at Digital Directors Network.
    Job descriptions only further the problem, Patton said. Qualified candidates are often deterred from applying to a job due to unreasonable job posting requirements. “You’ve got hiring managers who don’t know how to write job descriptions, and you’ve got recruiters who don’t understand the role,” she said.
    In her book, Navigating the Cybersecurity Career Path, Patton offered advice to help security leaders build a security team, including how to recruit the right talent with good job postings.
    In this excerpt from Chapter 18, Patton suggests tips on how to write a cybersecurity job posting. Learn which skills to include, as well as the importance of using inclusive language and explaining how the role will benefit the candidate — and not just the organization.
    Of all the challenges with security job postings, the skills mismatch causes most candidates to skip your posting and look elsewhere. The industry has a skills gap, yet our job postings require too many skills and too many certifications. Also, there is an assumption that the successful candidate must arrive in the new job fully trained to do whatever is needed. Before you sit down to write your posting, fully consider the skills that are absolutely required from a new hire, as well as the skills you are willing to help the candidate develop on the job.
    When you are considering skills, you should also consider what formal education you expect in your candidates. Don’t ask for a four-year degree unless you truly believe it’s a necessary requirement. (Most security leaders do not.) Be careful about the certifications you require; do they really support the role you are hiring for? Are there equivalences you are willing to consider, such as work experience in place of formal schooling? Must all the training you require be security-specific, or can you let candidates demonstrate skills through another path? How do you feel about self-taught candidates?
    Benchmark yourself against other postings and resources, such as the U.S. National Initiative for Cybersecurity Education (NICE) Workforce framework. Make sure you’re not asking a junior candidate to have senior-level skills. Make sure the senior level job posting isn’t asking for too much experience or technology mastery. Just because it is a senior position doesn’t mean the role requires expert-level mastery of every skill!
    Differentiate between general IT skills (such as programming languages) and security skills (assessing applications for insecure code), and make sure you’re not labeling a job “security” just because it sits in the security organization. It’s perfectly fine for a CISO to hire a generic application developer, project manager, or data analyst without making them a “security engineer,” “security manager,” or “security analyst.”
    Interestingly, when you talk to hiring managers, it is often not the technical skills that are hard to develop on the job — it’s the professional skills like empathy, teamwork, and communication. When you read the job description, which “required skills” are listed first? The technical skills! If you think you can train the technical skills on the job but want to hire the professional skills, list the professional skills first.
    Don’t ask for skills or experience you are willing to live without. Even putting unnecessary skills in the “optional” or “preferred” section is enough to turn high-quality candidates away — so make sure the skills you put into your job postings are ones you truly require.
    No job is created in isolation. If you’re hiring someone into a role, it is because your organization needs that role for some purpose, and that purpose aligns with your security strategy and the organizational business goals and mission.
    So, when you’re creating a job posting, let potential candidates know the “why” of the job. Why does this job exist? What purpose does it fill? How does it fit into the company, the security team, the security function? Is the role focused on one single line of business in the company or the whole company? Is the role going to be part of a revenue-generating team or a product support team, or will it be an administrative function? What are your core values, and how does this position support them? Include a link to the important parts of your company website so a candidate can quickly see general information about working at your company.
    Don’t just talk about what the job is; talk about how the company will support the development of the candidate. Tell the candidate what they become, as well as what the job can become. Do you invest in training employees on the job, send them to conferences, or pay for industry memberships? Then say so! Let them know that you will be helping them grow when they join your team, not just assessing their job performance. Let them know that the risk they are taking to apply for your job is worth it.
    You should give candidates some context because it allows them to see themselves in the role. Candidates want to be excited about a new opportunity. If all you can do is tell them that they will be monitoring vulnerabilities, pen testing an application, or writing policy, you’re not giving them the full picture.
    Giving candidates the “why” allows them to fill out the role in their imagination and allows them to imagine their success as part of your team.
    Context will allow candidates to be better prepared for interviews, ask better questions, and be better prepared to do what you need.
    When you’re creating a job posting, you are creating a vision for the candidate. You’re telling a story of what the role can be and what their role in it will look like. So, just like any good storyteller, you need to put the reader in the center of the story — not as a passive observer, but as the whole point. To do this, you need to use the first-person language.
    Instead of saying, “The candidate will monitor systems and follow playbooks to respond to incidents,” you might choose to say, “You will use your powers of observation to identify anomalies and attacks against your company.”
    Instead of saying, “Applicants will be part of the Security team,” you might say, “You will be a key member of a highly professional and inclusive group of people who ensure the security of the entire company.”
    When you write your job postings, you should be careful to avoid language that is seen as gendered, biased, or otherwise promotes negative stereotypes. Some people want to be “rock stars,” but for others, this is seen as a masculine, high-competition standard that automatically excludes women or other minorities. There is free software available to check the language you plan to use. Search for “bias language applications” to see some options. Please use them. Candidates will not apply for your job if the language you use prevents them from seeing themselves as being successful in the role.
    If you can, try to avoid using filter Q&A as the first step in the application process. Companies love to do this — it helps their algorithms “weed out” unqualified candidates. But security jobs aren’t cookie-cutter, and these algorithms often do more harm than good because they filter out qualified candidates who lack exactly the right kind of experience or use the wrong words in their résumés. Our algorithms aren’t ready for the lack of structure currently existing in the security profession. If you must use these, ask your recruiter to see the reject list as well as the selection list. You’ll be surprised who gets left behind!
    About the author
    Helen Patton is an advisory CISO at Cisco, where she shares security strategies with the security community. Previously, she spent eight years as CISO at The Ohio State University, where she was awarded the 2018 ISE North American Academic/Public Sector Executive of the Year. Before joining Ohio State, she spent 10 years in risk and resiliency at JPMorgan Chase. She serves on the State of Ohio CyberOhio Advisory Board, the Manufacturing and Digital USA Cybersecurity Advisory Board and the Ohio State University College of Electrical and Computer Engineering Industry Advisory Board. Patton is also a faculty member for the Digital Director’s Network and for the Educause Leadership Institute.

  • TurboTax, QuickBooks owner slammed after MailChimp data breach – New York Post



    A little-reported data breach at a marketing email service owned by Intuit is raising concerns about security protocols at its better-known properties such as TurboTax, QuickBooks and Credit Karma, The Post has learned.
    Intuit, a sprawling, publicly traded business-software empire with a market capitalization of $110 billion, admitted last week that 133 accounts using its MailChimp site were hacked. The company did not say who was responsible.
    While the number of breached accounts is relatively small, many were used by customers who run businesses with hundreds of thousands or even millions of emails on their rosters, according to sources.
    Last March, MailChimp confirmed hackers gained access to information on 102 of its customer accounts. A month later, Intuit was slapped with a class-action suit from customers of crypto wallet Trezor — a company that used MailChimp.
    Trezor customers in the pending suit — including one man who says he lost $87,000 — claim Intuit did not use “adequate and reasonable measures to ensure that its data systems were protected.”
    Late last month, reports surfaced that several key email services including MailChimp could be at risk as part of a bigger cybersecurity attack. MailChimp, according to a post on the company’s website, said it did not detect any problems until Jan. 11.
    Customers complained they were alerted the next day that their accounts had been compromised but said MailChimp allegedly gave them no tools to respond to the data breach and didn’t even provide a phone number to call.
    “Intuit’s business is all about data security… what’s going on here?” one infuriated marketing executive whose email list had been compromised told The Post. “This is a huge black eye for Intuit because you’re going to question their entire system.”
    “Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts, and there is no evidence that this compromised customer data beyond these Mailchimp accounts.”
    Legal experts fear the hack could signal bigger problems at other Intuit companies.
    “While MailChimp might be considered a boring, sleepy company, it is part of the portfolio of Intuit,” former SEC enforcement attorney Ron Geffner told The Post. “Have they implemented the same policies and procedures at all portfolio companies? Is it a back door into the parent company?”
    “Is this isolated or indicative of other problems the company faces with regard to cybersecurity?”
    In 2021, TurboTax revealed hackers had accessed some of customers’ financial and personal information. The company said at the time it was not a “systemic data breach of Intuit.”
    “An isolated incident raises fewer questions,” Geffner adds. “Multiple failures begs the question of whether it was due to a failure of the company and have the same failures resulted in multiple breaches.”
    MailChimp could also be on the hook for millions in fines from regulatory bodies including the Consumer Financial Protection Bureau, the Federal Trade Commission and multiple states after customers’ data was compromised, attorneys told The Post.
    MailChimp will have to prove to regulators it provided adequate protections for customer data. Even if MailChimp did provide adequate customer protection laws, it will likely have to compensate customers and their clients for lost time and money dealing with the security breach, experts said.


  • Companies are desperate for cybersecurity workers—More than … – Fortune

    The need for cybersecurity professionals has been growing rapidly, even faster than companies can hire—and that demand is expected to continue. The number of unfilled cybersecurity jobs worldwide grew 350% between 2013 and 2021, from 1 million to 3.5 million, according to Cybersecurity Ventures. The industry researcher also predicts that in five years, the same number of jobs will still be open. 
    In the U.S., there are about 1 million cybersecurity workers, but there were around 715,000 jobs yet to be filled as of November 2021, according to a report by Emsi Burning Glass (now Lightcast), a market research company. If so many bodies are needed to fill seats in cybersecurity roles, then what’s the holdup on companies and universities preparing future professionals to take these jobs?
    There’s no one answer to that question, Will Markow, vice president of applied research–talent at Emsi Burning Glass, tells Fortune. Rather, a number of dynamics are making it difficult to build a talent pipeline for cybersecurity jobs. One contributing factor to the talent shortage is that there aren’t enough professionals who have the credentials necessary (whether it’s a master’s degree in cybersecurity or other certificate program) to get hired.
    “Cybersecurity jobs see the skill requirements evolve far more rapidly than many other fields,” Markow, who specializes in cybersecurity job market research, explains. “Cybersecurity jobs are, by nature, more likely to fuse together skill sets from disparate domains. If you think about it, every new technology now has a digital component, and every technology with a digital component needs to have a digital security component.”
    While companies are looking to hire cybersecurity professionals in droves, the industry often requires that workers have certain credentials or certifications on top of education requirements, Markow explains. An example is a CISSP certification, which is required for many top-level cybersecurity roles that are in high demand—and have high-paying salaries, to the tune of about $120,000.
    Bottom line: Even if you have an undergrad or graduate degree in cybersecurity, computer science, or an adjacent field, that may not be enough to land certain jobs in the industry. 
    “Employers have been very slow to reduce either credential requirements or education requirements for cybersecurity jobs, despite the hiring difficulty that they have,” Markow says. “We really haven’t seen any noticeable shift in the share of cybersecurity openings that are available to workers who don’t have either a bachelor’s degree or at least three to five years of prior work experience.”
    Some employers, however, are developing talent pipelines for cybersecurity roles. One employer in particular that hires swaths of cybersecurity professionals is Deloitte; as of May 2021, the company employed more than 22,000 cybersecurity workers around the world under its Deloitte Cyber business line. In fact, Deloitte was named as the top company for hiring cybersecurity talent by Datamation. 
    Other top cybersecurity employers include PwC, EY, Booz Allen Hamilton, and KPMG. Research from Emsi Burning Glass also shows that in recent months, financial services requested more cybersecurity workers than professional services companies. 
    In step with global trends, the demand for cybersecurity talent at Deloitte continues to grow, Deborah Golden, Deloitte U.S. cyber and strategic risk leader, tells Fortune. 
    “The cybersecurity landscape used to be contained within four walls. Obviously where we are today, that’s truly not the case,” she says. “The pandemic pushed change into a bit of hyper-speed, but we were already headed into digital transformation. Because of that, we are becoming overly diverse in terms of the types of skills we’re looking for, from everything from deep cyber to domain expertise.”
    To help fill these high-demand roles, Deloitte Cyber developed a train-to-hire program that trains candidates in cybersecurity topics to fill jobs they wouldn’t traditionally be qualified for. 
    Candidates engage in boot camps and other job training to prepare them to take on cybersecurity jobs that otherwise would have needed to be filled by a traditionally trained professional—someone who studied cybersecurity or an adjacent field in undergrad or graduate school. The trainings focus on topics including software engineering, data science, and UI/UX development.
    “Don’t be concerned if you don’t have all the certifications or the degrees or the capabilities that you think were historically needed for cyber,” Golden advises. “Given where the market is today, there’s a need to have greater diversity of thought, and, just candidly, more and different types of skill sets and backgrounds coming to solve.”
    Undergraduate and graduate degree programs focused on cybersecurity continue to be a popular route for entering the industry. But like Deloitte, other companies are also providing in-house training for current employees who are looking to enter the cybersecurity workforce. 
    If you’re already in a technical role—but not specifically cybersecurity—Markow suggests finding ways to “bake” cybersecurity into your current role. This could involve learning a new skill set through shorter-term training opportunities or boot camps. 
    Another way to get your feet wet is to prepare to take one of the entry-level cybersecurity certification tests, such as Security Plus.
    “You’ll learn a lot about the field just in preparing for the exam,” he says. “And then if, and when, you obtain the credential, you already have a credential that’s in demand and requested by many employers, which is just going to make it all that much easier for you to find your first job and enter and advance your career in cybersecurity.”

  • Royal Mail Hacking: No Data Breach in Cyberattack, But System Still … – Bloomberg

    Royal Mail said no personal data was compromised during a cyberattack detected last week, though the UK postal firm continues to grapple with the situation and letters and parcels are still not being exported.
    Chief Executive Officer Simon Thompson told a House of Commons panel Tuesday that based on the investigation so far, no data breach took place, though the UK Information Commissioner’s Office, which regulates data privacy, has been informed.


  • Norton LifeLock suffers data breach – How to protect your data – Komando

    No companies appear to be safe when it comes to cybersecurity. Online sports betting service DraftKings recently suffered a data breach, while a healthcare system exposed the details of over 3 million users.
    Things just got more frightening as we found out a popular cybersecurity company suffered a massive data breach. When a service in charge of protecting your digital life is breached, it’s time to take action.
    Read on for details on this scary breach and a few ways to protect your information.
    Credential stuffing is a popular technique for cybercriminals. So, what is credential stuffing? It’s when criminals take stolen usernames and passwords and use bots to inject them into other websites, hoping to gain access to accounts. The stolen credentials are often posted on the Dark Web, making it easy for thieves to get their hands on them.
    Credential stuffing attacks are successful when a victim uses the same password on multiple online accounts. If a thief has compromised credentials from one site, they can use them to infiltrate another that uses the same password. That’s why it’s critical to have strong, unique passwords for every online account.
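    A defender-side view of the pattern described above, as an added example that is not from the original article: in login logs, credential stuffing shows up as one source trying many different usernames in a short time with mostly failed attempts. The log format, thresholds, addresses and function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log (not real data): time, source IP, username, outcome.
SAMPLE_LOG = """\
2023-01-10T09:00:01Z 198.51.100.7 alice@example.com FAIL
2023-01-10T09:00:02Z 198.51.100.7 bob@example.com FAIL
2023-01-10T09:00:03Z 198.51.100.7 carol@example.com FAIL
2023-01-10T09:00:04Z 198.51.100.7 dave@example.com OK
2023-01-10T09:00:05Z 198.51.100.7 erin@example.com FAIL
2023-01-10T09:00:06Z 198.51.100.7 frank@example.com FAIL
2023-01-10T09:01:00Z 203.0.113.5 grace@example.com FAIL
2023-01-10T09:01:20Z 203.0.113.5 grace@example.com OK
2023-01-10T09:02:00Z 192.0.2.44 heidi@example.com FAIL
2023-01-10T09:02:01Z 192.0.2.44 heidi@example.com FAIL
2023-01-10T09:02:02Z 192.0.2.44 heidi@example.com FAIL
2023-01-10T09:02:03Z 192.0.2.44 heidi@example.com FAIL
"""

def parse(log):
    """Turn log lines into (time, ip, user, success) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, outcome = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append((when, ip, user, outcome == "OK"))
    return events

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, max_ok_ratio=0.25):
    """Flag sources that try many different usernames in a short window and mostly fail.
    Returns {ip: accounts that were logged into}, i.e. reused passwords to reset."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)
    flagged = defaultdict(set)
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            win = evs[start:end + 1]
            users = {user for _, _, user, _ in win}
            hits = {user for _, _, user, ok in win if ok}
            ok_count = sum(1 for ev in win if ev[3])
            # Many usernames, few successes: stuffing. One username, many tries: brute force.
            if len(users) >= min_users and ok_count / len(win) <= max_ok_ratio:
                flagged[ip] |= hits
    return {ip: sorted(users) for ip, users in flagged.items()}
```

    The source 192.0.2.44 is not flagged because it hammers a single username; that brute-force pattern needs a separate per-account rule.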
    Norton LifeLock recently suffered a data breach, and the company says its system wasn’t at fault. It claims the breach was the result of a credential-stuffing attack. At any rate, thousands of users’ details were exposed.
    In a notice sent to impacted users, the company explains that “our systems were not compromised. However, we strongly believe that an unauthorized third-party knows and has utilized your username and password for your account.”
    It’s believed that as many as 925,000 inactive and active accounts were compromised. Stolen data includes first names, last names, phone numbers, and mailing addresses.
    The first thing you must do is change your Norton LifeLock account password. Next, ensure all of your online accounts have unique passwords. Don’t use the same password for multiple accounts.
    Here are some other tips that will help you to stay safe online:


  • New York is first state to require CLE course in cybersecurity – ABA Journal

    By Debra Cassens Weiss

    Lawyers in New York will have to take at least a one-hour cybersecurity course as part of their continuing legal education requirements beginning in July 2023.
    Although Florida and North Carolina require some technology training as part of their CLE requirements, New York is the first state to require coursework in cybersecurity, data privacy or data protection, LawSites reports.
    New York has already adopted an ethical duty of technology competence for lawyers. The new CLE requirement, adopted in June, requires one hour of CLE related to cybersecurity, privacy and data protection every two years. The hour can be related to lawyers’ ethical obligations regarding data protection or to technological aspects of protecting law office and client data.
    The mandated one-hour training counts toward the 32-hour CLE requirement for new lawyers in their first two years after admission to the bar. It counts toward the 24-hour biennial CLE requirement for other lawyers.
    Lawyers can apply up to three hours of cybersecurity ethics training toward their ethics and professionalism CLE requirement. Mandated professionalism training is six hours over two years for new lawyers and four hours over two years for other lawyers.
    The New York State Supreme Court’s Appellate Division adopted the cybersecurity CLE requirement based on a recommendation from the New York State Bar Association’s Committee on Technology and the Legal Profession. The NYSBA approved the committee report in June 2020, according to the bar’s news center.
